gitlab-rails-ce-18.1
Chainguard
Status
Impact
GitLab CE 18.1.5 uses ruby-saml 1.18.0, which is vulnerable to CVE-2025-54572 (a DoS vulnerability in which a large SAML response bypasses message_max_bytesize). Fixed version: 1.18.1. Deferring to upstream GitLab to address this CVE in a subsequent update. See: https://docs.gitlab.com/ee/development/dependencies.html.